Veritas Access Installation Guide
- Introducing Veritas Access
- Licensing in Veritas Access
- System requirements
- System requirements
- Linux requirements
- Linux requirements
- Network and firewall requirements
- Preparing to install Veritas Access
- Deploying virtual machines in VMware ESXi for Veritas Access installation
- Installing and configuring a cluster
- Installing the operating system on each node of the cluster
- Installing Veritas Access on the target cluster nodes
- About managing the NICs, bonds, and VLAN devices
- About VLAN tagging
- Automating Veritas Access installation and configuration using response files
- Displaying and adding nodes to a cluster
- Upgrading Veritas Access and operating system
- Upgrading Veritas Access using a rolling upgrade
- Uninstalling Veritas Access
- Appendix A. Installation reference
- Appendix B. Configuring the secure shell for communications
- Appendix C. Manual deployment of Veritas Access
Setting up the SSH and the RSH connections
You can use the pwdutil.pl utility to set up the SSH and the RSH connections automatically. This utility can be located at /opt/VRTS/repository/ga/images/SSNAS/7.4.0.0/scripts/pwdutil.pl.
# ./pwdutil.pl -h Usage: Command syntax with simple format: pwdutil.pl check|configure|unconfigure ssh|rsh <hostname|IP addr> [<user>] [<password>] [<port>] Command syntax with advanced format: pwdutil.pl [--action|-a 'check|configure|unconfigure'] [--type|-t 'ssh|rsh'] [--user|-u '<user>'] [--password|-p '<password>'] [--port|-P '<port>'] [--hostfile|-f '<hostfile>'] [--keyfile|-k '<keyfile>'] [-debug|-d] <host_URI> pwdutil.pl -h | -?
Table: Options with pwdutil.pl utility
Option | Usage |
---|---|
--action|-a 'check|configure|unconfigure' | Specifies the action type. The default value is 'check'. |
--type|-t 'ssh|rsh' | Specifies the connection type. The default value is 'SSH'. |
--user|-u '<user>' | Specifies the user ID. The default value is the local user ID. |
--password|-p '<password>' | Specifies the user password. The default value is the user ID. |
--port|-P '<port>' | Specifies the port number for the SSH connection. The default value is 22. |
--keyfile|-k '<keyfile>' | Specifies the private key file. |
--hostfile|-f '<hostfile>' | Specifies the file which lists the hosts. |
-debug | Prints the debug information. |
-h|-? | Prints the help messages. |
<host_URI> | Can be in the following formats: hostname user:password@hostname user:password@hostname: port |
You can check, configure, and unconfigure SSH or RSH using the pwdutil.pl utility. For example:
To check SSH connection for only one host:
pwdutil.pl check ssh hostname
To configure SSH for only one host:
pwdutil.pl configure ssh hostname user password
To unconfigure RSH for only one host:
pwdutil.pl unconfigure rsh hostname
To configure SSH for multiple hosts with the same user ID and password:
pwdutil.pl -a configure -t ssh -u user -p password hostname1 hostname2 hostname3
To configure SSH or RSH for different hosts with a different user ID and password:
pwdutil.pl -a configure -t ssh user1:password1@hostname1 user2:password2@hostname2
To check or configure SSH or RSH for multiple hosts with one configuration file:
pwdutil.pl -a configure -t ssh --hostfile /tmp/sshrsh_hostfile
To keep the host configuration file safe, you can use the 3rd-party utility to encrypt and decrypt the host file with password.
For example:
### run openssl to encrypt the host file in base64 format # openssl aes-256-cbc -a -salt -in /hostfile -out /hostfile.enc enter aes-256-cbc encryption password: <password> Verifying - enter aes-256-cbc encryption password: <password> ### remove the original plain text file # rm /hostfile ### run openssl to decrypt the encrypted host file # pwdutil.pl -a configure -t ssh 'openssl aes-256-cbc -d -a -in /hostfile.enc' enter aes-256-cbc decryption password: <password>
To use the ssh authentication keys that are not under the default $
HOME/.ssh
directory, you can use --keyfile option to specify the ssh keys. For example:### create a directory to host the key pairs: # mkdir /keystore ### generate private and public key pair under the directory: # ssh-keygen -t rsa -f /keystore/id_rsa ### setup ssh connection with the new generated key pair under the directory: # pwdutil.pl -a configure -t ssh --keyfile /keystore/id_rsa user:password@hostname
You can see the contents of the configuration file by using the following command:
# cat /tmp/sshrsh_hostfile user1:password1@hostname1 user2:password2@hostname2 user3:password3@hostname3 user4:password4@hostname4 # all default: check ssh connection with local user hostname5 The following exit values are returned: 0 Successful completion. 1 Command syntax error. 2 Ssh or rsh binaries do not exist. 3 Ssh or rsh service is down on the remote machine. 4 Ssh or rsh command execution is denied due to password is required. 5 Invalid password is provided. 255 Other unknown error.